Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/Hb5-5Lgf65ngduAamTP5QllGHfg.roa
File:                     Hb5-5Lgf65ngduAamTP5QllGHfg.roa (raw, json)
Hash identifier:          +YXF9Rm791CfwpKO7cfam/cDEtQOL2Hg20P+BMQ54ZU=
Subject key identifier:   1D:BE:7E:E4:B8:1F:EB:99:E0:76:E0:1A:99:33:F9:42:59:46:1D:F8
Certificate issuer:       /CN=3183785916cd98d7c770d685145499a8a0a15722
Certificate serial:       018CC64AF2112A46699D54E4DDA21932366C
Authority key identifier: 31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/Hb5-5Lgf65ngduAamTP5QllGHfg.roa
Signing time:             Mon 01 Jan 2024 18:30:49 +0000
ROA not before:           Mon 01 Jan 2024 18:30:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61353
IP address blocks:        81.181.130.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 07:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:f2:11:2a:46:69:9d:54:e4:dd:a2:19:32:36:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3183785916cd98d7c770d685145499a8a0a15722
        Validity
            Not Before: Jan  1 18:30:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1dbe7ee4b81feb99e076e01a9933f94259461df8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:d6:ca:8a:c4:a7:3f:a7:73:c7:e4:0a:d3:83:
                    c7:01:51:91:14:ef:f5:39:6e:62:d7:29:d5:3f:99:
                    66:4e:07:7b:cf:56:34:eb:13:de:18:3a:44:84:f3:
                    f3:69:07:29:15:ad:dd:00:b3:3e:dc:ac:3d:e4:3f:
                    ec:1f:9e:b7:2f:66:40:46:1d:94:10:5f:7b:00:88:
                    bd:73:fa:aa:33:52:76:f6:03:3f:24:f4:d6:46:96:
                    98:bd:d4:b8:45:bc:ed:af:62:ff:2a:56:e7:89:d1:
                    cf:24:5c:53:bd:09:b3:0d:91:37:c6:34:21:b9:1d:
                    ec:7c:23:9e:fb:ca:9f:d2:51:e3:d8:7e:4a:4e:85:
                    a5:aa:95:dd:3b:d3:1e:e0:71:6a:46:9c:89:28:4d:
                    56:a8:ce:a0:12:2c:08:f1:3c:63:a8:df:62:9f:94:
                    bb:5c:bf:6d:05:c9:88:d4:4f:11:1c:91:d4:7d:6d:
                    b6:0b:7e:52:8e:59:14:24:00:34:54:63:d0:6d:8d:
                    28:cc:88:8e:d5:75:d4:1e:87:36:6a:b6:ef:ab:76:
                    a1:45:28:30:f5:f2:95:21:3f:f4:be:41:ad:e4:43:
                    b5:fe:5b:cb:ca:10:1a:45:41:87:cd:09:48:98:fb:
                    cd:18:e0:fa:f8:6f:5d:a8:bf:a7:38:dd:fc:16:40:
                    8e:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:BE:7E:E4:B8:1F:EB:99:E0:76:E0:1A:99:33:F9:42:59:46:1D:F8
            X509v3 Authority Key Identifier:
                keyid:31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/Hb5-5Lgf65ngduAamTP5QllGHfg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.181.130.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:8b:b3:db:24:f5:41:9a:4c:04:bd:cd:67:33:38:2a:da:b9:
         63:ee:18:0e:51:c6:1d:4e:8f:e0:5a:8b:1b:76:ab:0b:d6:f5:
         6e:d3:09:8d:47:8d:a4:f6:e3:c2:b9:d6:02:47:70:09:c1:8c:
         49:d2:17:99:f9:37:bb:ad:16:c6:df:fc:24:59:92:d6:1a:cb:
         5d:67:6c:bb:c3:e6:ac:85:9f:0d:20:5b:37:b0:18:b3:92:4b:
         62:ff:34:c5:46:e9:e0:70:7c:e9:e7:32:0c:ce:34:e6:49:78:
         8d:fd:cb:08:38:98:94:aa:a8:0d:35:70:6c:e6:12:a1:85:ea:
         a5:5d:ba:df:8d:d9:e4:e9:5f:05:6c:78:dc:8f:6b:e3:fc:d0:
         67:7b:4b:eb:2f:85:0c:17:bc:00:32:fd:85:52:18:03:d3:12:
         d4:01:cd:7d:c4:a2:48:ec:b9:32:ad:a3:e5:30:a9:30:2e:07:
         d4:4e:df:d7:3f:d8:6a:31:45:a5:39:18:42:c1:6b:88:8c:22:
         e2:e2:68:39:eb:2c:27:f5:fe:34:b5:f0:de:56:b3:8d:78:94:
         78:d5:b2:51:32:9d:1a:22:c5:f4:af:0e:40:ec:d0:55:a2:a4:
         2c:d4:f4:1a:f3:46:8f:d2:f4:f1:63:f2:ce:33:00:c5:51:54:
         c4:04:b6:c1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSvIRKkZpnVTk3aIZMjZsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxODM3ODU5MTZjZDk4ZDdjNzcwZDY4NTE0NTQ5OWE4YTBh
MTU3MjIwHhcNMjQwMTAxMTgzMDQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZGJlN2VlNGI4MWZlYjk5ZTA3NmUwMWE5OTMzZjk0MjU5NDYxZGY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAltbKisSnP6dzx+QK04PHAVGRFO/1
OW5i1ynVP5lmTgd7z1Y06xPeGDpEhPPzaQcpFa3dALM+3Kw95D/sH563L2ZARh2U
EF97AIi9c/qqM1J29gM/JPTWRpaYvdS4Rbztr2L/KlbnidHPJFxTvQmzDZE3xjQh
uR3sfCOe+8qf0lHj2H5KToWlqpXdO9Me4HFqRpyJKE1WqM6gEiwI8TxjqN9in5S7
XL9tBcmI1E8RHJHUfW22C35SjlkUJAA0VGPQbY0ozIiO1XXUHoc2arbvq3ahRSgw
9fKVIT/0vkGt5EO1/lvLyhAaRUGHzQlImPvNGOD6+G9dqL+nON38FkCOzQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB2+fuS4H+uZ4HbgGpkz+UJZRh34MB8GA1UdIwQY
MBaAFDGDeFkWzZjXx3DWhRRUmaigoVciMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEt
ZjUyYzQ3YzIyNWRiLzEvSGI1LTVMZ2Y2NW5nZHVBYW1UUDVRbGxHSGZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEtZjUyYzQ3YzIyNWRi
LzEvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUbWCMA0G
CSqGSIb3DQEBCwUAA4IBAQBHi7PbJPVBmkwEvc1nMzgq2rlj7hgOUcYdTo/gWosb
dqsL1vVu0wmNR42k9uPCudYCR3AJwYxJ0heZ+Te7rRbG3/wkWZLWGstdZ2y7w+as
hZ8NIFs3sBizkkti/zTFRungcHzp5zIMzjTmSXiN/csIOJiUqqgNNXBs5hKhheql
Xbrfjdnk6V8FbHjcj2vj/NBne0vrL4UMF7wAMv2FUhgD0xLUAc19xKJI7LkyraPl
MKkwLgfUTt/XP9hqMUWlORhCwWuIjCLi4mg56ywn9f40tfDeVrONeJR41bJRMp0a
IsX0rw5A7NBVoqQs1PQa80aP0vTxY/LOMwDFUVTEBLbB
-----END CERTIFICATE-----